CVE-2025-59707
In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability.
CVE-2025-59706
In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution.
CVE-2025-32991
In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution.